comparison src/http/modules/ngx_http_proxy_module.c @ 5659:3fb6615bb87f

Upstream: plugged potential memory leak on reload. The SSL_CTX_set_cipher_list() may fail if there are no valid ciphers specified in proxy_ssl_ciphers / uwsgi_ssl_ciphers, resulting in SSL context leak. In theory, ngx_pool_cleanup_add() may fail too, but this case is intentionally left out for now as it's almost impossible and proper fix will require changes to http ssl and mail ssl code as well.
author Maxim Dounin <mdounin@mdounin.ru>
date Fri, 18 Apr 2014 20:13:24 +0400
parents d15822784cf9
children 7022564a9e0e
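--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -3772,28 +3772,28 @@
 != NGX_OK)
 {
 return NGX_ERROR;
 }
 
+cln = ngx_pool_cleanup_add(cf->pool, 0);
+if (cln == NULL) {
+return NGX_ERROR;
+}
+
+cln->handler = ngx_ssl_cleanup_ctx;
+cln->data = plcf->upstream.ssl;
+
 if (SSL_CTX_set_cipher_list(plcf->upstream.ssl->ctx,
 (const char *) plcf->ssl_ciphers.data)
 == 0)
 {
 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
 "SSL_CTX_set_cipher_list(\"%V\") failed",
 &plcf->ssl_ciphers);
 return NGX_ERROR;
 }
 
-cln = ngx_pool_cleanup_add(cf->pool, 0);
-if (cln == NULL) {
-return NGX_ERROR;
-}
-
-cln->handler = ngx_ssl_cleanup_ctx;
-cln->data = plcf->upstream.ssl;
-
 return NGX_OK;
 }
 
 #endif
 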
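Review bot: The ordering this fix depends on is not recorded in the code: at new lines 3777-3783 the cleanup handler has to be registered before SSL_CTX_set_cipher_list() and any later fallible step, otherwise the `return NGX_ERROR` at 3792 leaves the SSL_CTX allocated after a failed reload. A short comment above the `ngx_pool_cleanup_add()` call would keep a later edit from moving it back down, for example `/* register cleanup first: every error return below must free the SSL context */`. The `cln == NULL` return at 3779 still exits without freeing the context, as the commit message acknowledges, and a `/* TODO: context is leaked if cleanup registration fails */` on that branch would make the known gap visible to readers of the file. The enclosing function begins above the hunk, so the call that creates the context (presumably the statement ending at 3772) is not visible here.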